305ae9c6fa1398b51770566cde61acf0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

305ae9c6fa1398b51770566cde61acf0_JaffaCakes118
Size

453KB
MD5

305ae9c6fa1398b51770566cde61acf0
SHA1

cb4952ee2e078880a758c091ffdc55ef9421a091
SHA256

173adcfbf219d7cd32314a79c049130b2a968ea9de4f2dea347411d50c2f600d
SHA512

7a15393865f12c0d4784c3e4506c0989cc229d751761a1fa89dd8b5af791913faf5f845cc8e1bc60d3d7c38ec8131691485c9292b9e9c7c42f3279126ff94445
SSDEEP

12288:iX1IACwikOgv9e0oX8mua/aayS7AZal3Dw:i2Alik/1Gw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
305ae9c6fa1398b51770566cde61acf0_JaffaCakes118

Files

305ae9c6fa1398b51770566cde61acf0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a848561176e9d1392248bdaa314716ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconW
ExtractIconW
DragQueryFileW
SHFileOperationW
SHAppBarMessage

shlwapi

PathRemoveFileSpecW

iphlpapi

GetBestInterfaceEx

crypt32

CryptDecodeObject
CertOpenStore
CertCreateCertificateContext
CryptStringToBinaryW
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CryptMsgUpdate
CertCloseStore
CertGetCertificateChain
CryptBinaryToStringW
CertGetEnhancedKeyUsage
CertFindExtension
CertVerifySubjectCertificateContext
CertCompareCertificate
CertGetNameStringW
CertVerifyCertificateChainPolicy
CryptSignMessage
CertFindCertificateInStore
CryptVerifyDetachedMessageSignature
CryptMsgOpenToDecode
CryptMsgClose
CertFreeCertificateChain
CryptProtectData
CertAddCertificateContextToStore

ws2_32

WSALookupServiceNextW
getaddrinfo
WSALookupServiceBeginW
WSANSPIoctl
WSAIoctl
WSALookupServiceEnd
freeaddrinfo

verifier

VerifierEnumerateResource

rpcrt4

MesDecodeBufferHandleCreate
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrMesTypeFree2
CStdStubBuffer_QueryInterface
MesEncodeDynBufferHandleCreate
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
NdrMesTypeEncode2
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
MesHandleFree
NdrOleAllocate
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
NdrDllRegisterProxy
NdrOleFree
NdrMesTypeDecode2

netapi32

NetApiBufferFree
NetGetJoinInformation

setupapi

SetupDiOpenDeviceInfoW
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList

msimg32

GradientFill

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

credui

CredUIPromptForCredentialsW
CredUIParseUserNameW

ole32

CoInitializeEx
OleIsCurrentClipboard
OleLoadFromStream
StringFromCLSID
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoGetMalloc
OleSaveToStream
CoTaskMemFree
CoTaskMemRealloc
OleSetClipboard
CoCreateInstance
OleRegGetUserType
OleGetClipboard
CreateOleAdviseHolder
CLSIDFromString
OleInitialize
OleRegGetMiscStatus
OleRegEnumVerbs
CreateDataAdviseHolder
ReleaseStgMedium
OleUninitialize
WriteClassStm

urlmon

CopyStgMedium

advapi32

GetUserNameA
CredDeleteW
CredWriteDomainCredentialsW
CryptGenRandom
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExA
RegOpenKeyW
GetTraceEnableFlags
GetSecurityDescriptorLength
GetTraceEnableLevel
GetFileSecurityW
RegDeleteValueW
UnregisterTraceGuids
CredReadW
RegCreateKeyW
SetFileSecurityW
RegCloseKey
RegDeleteKeyW
CredGetSessionTypes
CryptAcquireContextW
RegQueryInfoKeyW
CredReadDomainCredentialsW
RegQueryValueExA
RegOpenKeyA
GetUserNameW
RegDeleteValueA
CredUnmarshalCredentialW
RegOpenKeyExA
RegSetValueExA
RegEnumValueW
RegCreateKeyExW
RegConnectRegistryW
RegisterTraceGuidsW
RegEnumKeyExA
GetTraceLoggerHandle
CredFree
TraceMessage
RegOpenKeyExW
RegQueryInfoKeyA
CredWriteW
RegQueryValueExW
RegFlushKey
CryptReleaseContext

wininet

InternetGetCookieW

cryptui

CryptUIDlgViewCertificateW

user32

FlashWindow
CloseClipboard
GetWindowRect
GetForegroundWindow
ShowWindow
GetClassInfoExW
SetTimer
CountClipboardFormats
UnionRect
RegisterClassW
RedrawWindow
SetWindowTextW
wsprintfW
GetCursorPos
GetWindow
EnumPropsA
SetCursorPos
GetSysColorBrush
UnhookWindowsHookEx
GetLastActivePopup
EndPaint
MonitorFromWindow
CopyIcon
GetFocus
UpdateWindow
DrawTextW
GetWindowDC
CharLowerW
SetClipboardViewer
GetDC
AdjustWindowRect
SetWindowPos
RegisterClassExW
GetClassInfoW
CharNextW
GetClassNameW
SetWindowLongW
PostQuitMessage
DestroyAcceleratorTable
FindWindowExW
CreateWindowExW
ShowScrollBar
GetKeyState
BeginPaint
InvalidateRect
LoadIconW
RegisterHotKey
EmptyClipboard
IsDlgButtonChecked
DestroyWindow
SetCapture
LoadStringW
EnumClipboardFormats
CreateCursor
DrawIconEx
DlgDirListA
DeferWindowPos
SetRect
GetCapture
GetKeyboardLayout
SetParent
GetKeyboardState
CheckDlgButton
UnregisterHotKey
ScreenToClient
SetDlgItemTextW
KillTimer
GetWindowLongW
EnableMenuItem
GetSysColor
DefWindowProcW
LockWindowUpdate
GetKeyboardType
GetDlgItem
ChangeClipboardChain
IsIconic
LoadImageW
GetClipboardData
PostMessageW
SetWindowPlacement
GetWindowTextW
GetKeyboardLayoutNameA
AttachThreadInput
FillRect
SendInput
DialogBoxParamW
GetKeyboardLayoutNameW
SetFocus
GetMessageW
MessageBeep
LoadCursorW
ShowCursor
GetAsyncKeyState
IsChild
EqualRect
SendMessageW
PeekMessageW
IsWindowVisible
SystemParametersInfoW
GetClientRect
GetSystemMetrics
PostThreadMessageW
RegisterWindowMessageW
IsWindow
RegisterRawInputDevices
GetRawInputData
SetWindowRgn
EnableWindow
IntersectRect
EndDialog
DefDlgProcW
SetScrollInfo
CreateDialogParamW
RegisterDeviceNotificationW
BringWindowToTop
SetForegroundWindow
DispatchMessageW
SetRectEmpty
SetScrollPos
DestroyCursor
CloseWindow
InflateRect
GetWindowThreadProcessId
GetMessageExtraInfo
GetParent
IsZoomed
GetGUIThreadInfo
GetSystemMenu
FindWindowW
IsWindowEnabled
ClientToScreen
PtInRect
MapVirtualKeyW
GetActiveWindow
IsClipboardFormatAvailable
EndDeferWindowPos
BeginDeferWindowPos
CallWindowProcW
SetWindowsHookExW
OpenClipboard
SystemParametersInfoA
UnregisterDeviceNotification
MapWindowPoints
GetLastInputInfo
SetActiveWindow
ReleaseDC
GetDesktopWindow
MoveWindow
CreateIconIndirect
MsgWaitForMultipleObjectsEx
GetWindowPlacement
GetClipboardViewer
UnregisterClassW
SetClipboardData
SetCursor
OffsetRect
RegisterClipboardFormatW
CharPrevW
DestroyIcon
GetClipboardFormatNameW
CallNextHookEx
CopyRect
keybd_event

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

waveOutReset
waveOutGetPitch
waveOutClose
waveOutUnprepareHeader
waveOutSetVolume
waveOutOpen
waveOutWrite
waveOutPrepareHeader
waveOutGetVolume

kernel32

VirtualAlloc
AddAtomA
GetLastError
BackupRead

secur32

DeleteSecurityContext
GetUserNameExW
FreeContextBuffer
InitializeSecurityContextW
DecryptMessage
EncryptMessage
AcquireCredentialsHandleW
QuerySecurityPackageInfoW
FreeCredentialsHandle

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a848561176e9d1392248bdaa314716ea

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

iphlpapi

crypt32

ws2_32

verifier

rpcrt4

netapi32

setupapi

msimg32

wtsapi32

credui

ole32

urlmon

advapi32

wininet

cryptui

user32

version

winmm

kernel32

secur32

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 258KB - Virtual size: 1.9MB

.rdata Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 168KB - Virtual size: 168KB

.idata Size: 10KB - Virtual size: 10KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 258KB - Virtual size: 1.9MB

.rdata
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 168KB - Virtual size: 168KB

.idata
Size: 10KB - Virtual size: 10KB